SUNY NIST Policy Initiative Frequently Asked Questions (FAQs)
What is the NIST Policy Initiative?
In 2016, the SUNY Board of Trustees adopted the Information Security Policy 6900, which is applicable to all state-operated and community colleges. With emerging and ongoing cybersecurity risks, the NIST Policy Initiative seeks to enhance current cybersecurity efforts. One way is by establishing SUNY System-wide policies based on the NIST 800-53 standards. Along with the rest of SUNY, Fredonia will be developing and rolling out the NIST-based information security policies during the 2019-2020 and 2020-2021 academic years.
What is NIST?
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Commerce Department. It was established to encourage and assist innovation and science through the promotion and maintenance of a set of industry standards. The NIST 800-53 standards are a comprehensive catalog of cybersecurity controls and implementation guidelines for information systems. The security controls are segmented into 18 control families that address the operational, technical, and managerial safeguards. Each control family is required to protect the confidentiality, integrity, and availability of information.
Why is Fredonia adopting the NIST Policies?
What are the NIST Policies we are adopting?
Visit the Fredonia Policy Page
Who do these policies apply to?
These policies are applicable to all employees who access Information Technology (IT) Resources owned and/or operated by Fredonia. This includes Fredonia’s Information Assets, Business Systems, and Information Technology Resources. Any information not specifically identified as the property of other parties that is transmitted, in addition to anything stored on Fredonia IT Resources (including e-mail, messages, and files), is the property of Fredonia. Any person using IT Resources is responsible for receiving some level of information security training in accordance with this Policy.
What do these policies mean to Fredonia employees?
The Information Technology Services (ITS) department will generally be the primary implementer of the controls referenced within these policies. However, any employee or affiliate utilizing University regulated data and/or system(s) will need to adhere to the policy requirements. Those employees who administer or manage information systems need to ensure that they fully understand these policies. Please contact the Information Security Office at (716) 673-4725 if you have any questions.